# Builds the Anon source and binary packages for Debian/Ubuntu, Linux, macOS
# and Windows, signs them, and publishes the results.
name: Build Anon Packages

# Manual dispatch is the only active trigger; the push / pull_request
# triggers below are kept for reference but are commented out.
on:
  # push:
  #   tags:
  #     - 'v*'
  #     - '*beta*'
  #   branches:
  #     - main
  # pull_request:
  #   branches:
  #     - main
  workflow_dispatch:

# NOTE(review): this workflow sets no top-level `permissions:`; a job without
# its own block gets the repository's default GITHUB_TOKEN scopes. A top-level
# `contents: read` default would be the least-privilege baseline; confirm
# what the local composite actions need before adding it.

env:
  DEBIAN_FRONTEND: noninteractive
  # PKG_ENV is the release phase, chosen from the ref the run was started on:
  #   tag containing "beta"          -> beta
  #   any other tag (e.g. v*)        -> live
  #   refs/heads/main                -> stage
  #   refs/heads/development         -> dev
  #   everything else                -> unstable-dev
  PKG_ENV: ${{ github.ref_type == 'tag' && (contains(github.ref, 'beta') && 'beta' || 'live') || github.ref == 'refs/heads/main' && 'stage' || github.ref == 'refs/heads/development' && 'dev' || 'unstable-dev' }}

jobs:
#####################
## Debian Packages ##
#####################
  # Builds the signed Debian source package once, inside a bookworm container.
  build-deb-source:
    runs-on: ubuntu-latest
    container:
      image: debian:bookworm
    steps:
      - name: Install Dependencies
        run: |
          apt-get -y update
          apt-get -y dist-upgrade
          apt-get -y install sudo git build-essential devscripts gpg
      # The local action below lives in the repository, so it must be checked
      # out before it can be resolved.
      - name: Checkout Repository
        uses: actions/checkout@v4
      # The GPG signing key and its fingerprint are handed to the local action
      # as inputs; how the action stores them is not visible from this file.
      - name: "Build Anon Source for Debian ${{ env.PKG_ENV }}"
        uses: ./.github/actions/build-debian-source
        with:
          release-phase: ${{ env.PKG_ENV }}
          debian-private-key: ${{ secrets.DEBIAN_PRIVATE_KEY }}
          debian-fingerprint: ${{ secrets.DEBIAN_FINGERPRINT }}

  # Builds and signs one binary package per (distribution, suite, arch) entry.
  # Each entry runs in a container named "<os>:<suite>" on the listed runner.
  build-deb-package:
    runs-on: ${{ matrix.build.runner }}
    needs: build-deb-source
    container:
      image: ${{ matrix.build.os }}:${{ matrix.build.suite }}
    strategy:
      # One failing target must not cancel the remaining targets.
      fail-fast: false
      matrix:
        # NOTE(review): the `arm64` runner label is presumably a self-hosted
        # runner (confirm). The signing key passed in the last step is then
        # exposed to that host, so it should be ephemeral and dedicated.
        build:
          # Debian Bookworm
          - os: debian
            suite: bookworm
            arch: amd64
            runner: ubuntu-latest
          - os: debian
            suite: bookworm
            arch: arm64
            runner: arm64
          # Debian Bullseye
          - os: debian
            suite: bullseye
            arch: amd64
            runner: ubuntu-latest
          - os: debian
            suite: bullseye
            arch: arm64
            runner: arm64
          # Debian Trixie
          - os: debian
            suite: trixie
            arch: amd64
            runner: ubuntu-latest
          - os: debian
            suite: trixie
            arch: arm64
            runner: arm64
          # Ubuntu Noble (Support until 2029-05-31, ESM until 2034-04-25)
          - os: ubuntu
            suite: noble
            arch: amd64
            runner: ubuntu-latest
          - os: ubuntu
            suite: noble
            arch: arm64
            runner: arm64
          # Ubuntu Jammy (Support until 2027-06-01, ESM until 2032-04-21)
          - os: ubuntu
            suite: jammy
            arch: amd64
            runner: ubuntu-latest
          - os: ubuntu
            suite: jammy
            arch: arm64
            runner: arm64
          # Ubuntu Focal (Support until 2025-05-29, ESM until 2030-04-23)
          - os: ubuntu
            suite: focal
            arch: amd64
            runner: ubuntu-latest
          - os: ubuntu
            suite: focal
            arch: arm64
            runner: arm64
          # Ubuntu Questing
          - os: ubuntu
            suite: questing
            arch: amd64
            runner: ubuntu-latest
          - os: ubuntu
            suite: questing
            arch: arm64
            runner: arm64
    steps:
      - name: Install Dependencies
        run: |
          apt-get -y update
          apt-get -y dist-upgrade
          apt-get -y install sudo git build-essential devscripts gpg
      - name: Checkout Repository
        uses: actions/checkout@v4
      # Same signing inputs as the source build, plus the target description
      # taken from the matrix entry.
      - name: "Build & Sign Anon Package for Debian ${{ env.PKG_ENV }} ${{ matrix.build.os }}:${{ matrix.build.suite }} for ${{ matrix.build.arch }}"
        uses: ./.github/actions/build-debian-package
        with:
          build-arch: ${{ matrix.build.arch }}
          release-phase: ${{ env.PKG_ENV }}
          debian-private-key: ${{ secrets.DEBIAN_PRIVATE_KEY }}
          debian-fingerprint: ${{ secrets.DEBIAN_FINGERPRINT }}
          os: ${{ matrix.build.os }}
          suite: ${{ matrix.build.suite }}
#################
## Linux Build ##
#################
  # Builds the standalone Linux binaries for amd64 and arm64 in a bookworm
  # container.
  build-linux-binary:
    runs-on: ${{ matrix.build.runner }}
    container:
      image: debian:bookworm
    env:
      # NOTE(review): the OpenSSL 1.1.1 series reached end of life in
      # September 2023 and 1.1.1w was its last public release. If this value
      # selects the library linked into the shipped binary (presumably it is
      # read by ./.github/actions/build-linux; confirm), later fixes are not
      # included.
      OPENSSL_VERSION: "1.1.1w"
      BUILD_ARCH: ${{ matrix.build.arch }}
      # Library triplet prefix: aarch64 for arm64, x86_64 for everything else.
      LIB_ARCH: ${{ matrix.build.arch == 'arm64' && 'aarch64' || 'x86_64' }}
    strategy:
      fail-fast: false
      matrix:
        # `libarch` duplicates what LIB_ARCH computes above; nothing visible in
        # this file reads matrix.build.libarch.
        build:
          - runner: ubuntu-latest
            arch: amd64
            libarch: x86_64
          - runner: arm64
            arch: arm64
            libarch: aarch64
    steps:
      - name: Checkout Repository
        uses: actions/checkout@v4
      - name: "Build Anon for Linux ${{ env.PKG_ENV }} ${{ env.BUILD_ARCH }}"
        uses: ./.github/actions/build-linux
        with:
          build-arch: ${{ env.BUILD_ARCH }}
          lib-arch: ${{ env.LIB_ARCH }}
          release-phase: ${{ env.PKG_ENV }}
#################
## MacOS Build ##
#################
  # Builds the macOS client natively: the Intel runner produces amd64, the
  # default macos-15 runner produces arm64. No container is used.
  build-macos-binary:
    runs-on: ${{ matrix.build.runner }}
    strategy:
      # Keep building the other architecture if one of them fails.
      fail-fast: false
      matrix:
        build:
          - runner: macos-15-intel
            arch: amd64
          - runner: macos-15
            arch: arm64
    steps:
      - name: Checkout Repository
        uses: actions/checkout@v4
      # No signing inputs are passed to the local action from this file.
      - name: "Build Anon Client for MacOS ${{ matrix.build.arch }}"
        uses: ./.github/actions/build-macos
        with:
          build-arch: ${{ matrix.build.arch }}
          release-phase: ${{ env.PKG_ENV }}
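###################
## Windows Build ##
###################
  # Builds the 64-bit Windows binary inside an Ubuntu container on a Linux
  # runner; the signing job below then signs it on a Windows runner.
  build-windows-64-binary:
    runs-on: ubuntu-latest
    container:
      # NOTE(review): `latest` is a moving tag, so the toolchain that produces
      # the binary which later gets signed can change between runs. Pinning a
      # release tag or an image digest makes the build reproducible.
      image: ubuntu:latest
    steps:
      - name: Checkout Repository
        uses: actions/checkout@v4
      - name: Build Anon for Windows 64-bit
        uses: ./.github/actions/build-windows
        with:
          release-phase: ${{ env.PKG_ENV }}

  # Signs the Windows binary with a certificate held in Azure Key Vault.
  # The Azure credentials are passed to the local action as inputs; how the
  # action uses them is not visible from this file.
  sign-windows-64-binary:
    runs-on: windows-latest
    needs: build-windows-64-binary
    steps:
      # A local action (./.github/actions/...) is read from the workspace, so
      # the repository has to be checked out before the step that uses it.
      - name: Checkout Repository
        uses: actions/checkout@v4
      - name: Sign Anon for Windows 64-bit
        uses: ./.github/actions/sign-windows
        with:
          azure-key-vault-uri: ${{ secrets.AZURE_KEY_VAULT_URI }}
          azure-client-id: ${{ secrets.AZURE_CLIENT_ID }}
          azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }}
          azure-client-secret: ${{ secrets.AZURE_CLIENT_SECRET }}
          azure-cert-name: ${{ secrets.AZURE_CERT_NAME }}
          release-phase: ${{ env.PKG_ENV }}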
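#############
## Release ##
#############
  # Uploads the signed .deb packages to the reprepro host with dput over scp.
  release-deb:
    runs-on: ubuntu-latest
    needs: build-deb-package
    container:
      image: debian:bookworm
    steps:
      - name: Install Dependencies
        run: |
          apt-get -y update
          apt-get -y dist-upgrade
          apt-get -y install devscripts zip gpg dput openssh-client
      - name: Download raw artifacts
        uses: actions/download-artifact@v4
        with:
          path: raw-artifacts/
      # Secrets reach the script through the step environment instead of being
      # expanded into the script text, so they are never part of the generated
      # shell source and cannot alter it.
      - name: Distribute signed .deb packages
        env:
          DEBIAN_HOST: ${{ secrets.DEBIAN_HOST }}
          DEBIAN_ID_RSA: ${{ secrets.DEBIAN_ID_RSA }}
          DEBIAN_PRIVATE_KEY: ${{ secrets.DEBIAN_PRIVATE_KEY }}
        run: |
          # Create every file below owner-only from the start, so the key files
          # are never briefly readable by others before chmod runs.
          umask 077
          mkdir -p /root/.ssh
          # NOTE(review): ssh-keyscan accepts whatever key the host presents on
          # this run, so the upload target is not authenticated. Prefer writing
          # a pinned host key from a stored value (for example a secret named
          # DEBIAN_HOST_KEY; that name is a placeholder, no such secret is
          # referenced in this file).
          ssh-keyscan "$DEBIAN_HOST" > /root/.ssh/known_hosts
          printf '%s\n' "$DEBIAN_ID_RSA" | base64 -d > /root/.ssh/id_rsa
          chmod 600 /root/.ssh/id_rsa
          printf '%s\n' "$DEBIAN_PRIVATE_KEY" | base64 -d > debian-private.gpg
          gpg --allow-secret-key-import --import debian-private.gpg
          # The key is in the keyring now; do not leave the export on disk.
          rm -f debian-private.gpg
          cat << EOF > ~/.dput.cf
          [anon]
          fqdn = ${DEBIAN_HOST}
          incoming = /data/debian/incoming
          method = scp
          login = reprepro
          allow_unsigned_uploads = 0
          post_upload_command = ssh %(login)s@%(fqdn)s reprepro processincoming incoming
          EOF
          echo "Uploading packages"
          dput anon raw-artifacts/anon-*/anon_*.changes
          echo "Processing incoming packages"
          ssh "reprepro@${DEBIAN_HOST}" "reprepro processincoming incoming || exit 1"

  # Publishes a GitHub release for non-beta tags only.
  release-github:
    runs-on: ubuntu-latest
    # build-linux-binary is required too: the copy step below packages the
    # linux-amd64 and linux-arm64 artifacts, so the release must wait for that
    # job and must not run when it failed.
    needs:
      - build-deb-package
      - build-linux-binary
      - build-macos-binary
      - sign-windows-64-binary
    if: ${{ startsWith(github.ref, 'refs/tags/') && !contains(github.ref, 'beta') }}
    # Creating a release needs write access to repository contents and nothing
    # else; every scope not listed here is dropped for this job.
    permissions:
      contents: write
    steps:
      - name: Download raw artifacts
        uses: actions/download-artifact@v4
        with:
          path: raw-artifacts/
      # Collects the .deb files and one zip per platform in release-artifacts/.
      - name: Copy release artifacts
        run: |
          mkdir -p release-artifacts/
          cp raw-artifacts/anon-*/anon_*.deb release-artifacts/
          chmod +x raw-artifacts/anon-${{ env.PKG_ENV }}-linux-amd64/*
          chmod +x raw-artifacts/anon-${{ env.PKG_ENV }}-linux-arm64/*
          chmod +x raw-artifacts/anon-${{ env.PKG_ENV }}-macos-amd64/*
          chmod +x raw-artifacts/anon-${{ env.PKG_ENV }}-macos-arm64/*
          zip -j release-artifacts/anon-${{ env.PKG_ENV }}-linux-amd64.zip raw-artifacts/anon-${{ env.PKG_ENV }}-linux-amd64/*
          zip -j release-artifacts/anon-${{ env.PKG_ENV }}-linux-arm64.zip raw-artifacts/anon-${{ env.PKG_ENV }}-linux-arm64/*
          zip -j release-artifacts/anon-${{ env.PKG_ENV }}-macos-amd64.zip raw-artifacts/anon-${{ env.PKG_ENV }}-macos-amd64/*
          zip -j release-artifacts/anon-${{ env.PKG_ENV }}-macos-arm64.zip raw-artifacts/anon-${{ env.PKG_ENV }}-macos-arm64/*
          zip -j release-artifacts/anon-${{ env.PKG_ENV }}-windows-signed-amd64.zip raw-artifacts/anon-${{ env.PKG_ENV }}-windows-signed-amd64/*
          ls -la -R release-artifacts/
      # Checked out only to read the release notes file used as the body.
      - name: Checkout Repository
        uses: actions/checkout@v4
        with:
          path: ator-protocol
          fetch-depth: 1
      # NOTE(review): this third-party action runs with the write-scoped token
      # and is referenced by a movable tag. Pinning it to a full commit SHA
      # (ncipollo/release-action@<FULL_COMMIT_SHA>, placeholder) means a
      # retagged upstream release cannot change what runs here.
      - name: Publish release artifacts
        uses: ncipollo/release-action@v1
        with:
          artifacts: "release-artifacts/anon*"
          bodyFile: "ator-protocol/doc/RELEASE.md"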